The revelation of Web front-end hacker technology

Buy Now: Secrets of Web front-end hacking technology

Content recommendation

Web front-end hacker attack and defense technology is a very new and interesting hacker technology, the main includes the Web front-end security of cross-site scripting (XSS), cross-station request forgery (CSRF), interface operations hijacking these three categories, involving knowledge points covered trust and trust relationships, cookie security, flash security, Dom rendering, character set, Cross-domain, original ecological attack, advanced fishing, worm idea and so on, these are the necessary knowledge points for the research of front-end security. The author of the book in-depth analysis of many classic attack and defense skills, and gives a lot of unique security insights.

Media Review

"Web front-end Hacking technology" is every Web front-end engineers must be a safe reference book. Mr. Zhong and Mr. Xu Shaobai are my friends for many years, and they have deep attainments in the field of web security. This book is a summary of their years of experience, in-depth analysis of the Web front-end security aspects, many unique insights provoking. For safety practitioners and readers of Internet security, this book is the right choice to be missed.

--Wu Hanqing, the author of "White hat-speaking web security", vice president of safety Bao joint products,

Former Alibaba Group senior security expert

It has become one of the most popular methods to attack Web users ' personal sensitive information through Web front-end application. The author of this book is the domestic Web front-end security research senior experts, this book is also so far in the field of the most comprehensive and profound monographs. The author uses vivid and humorous language for us to thoroughly analyze the current Web front-end hacker's various technologies, for professional security workers, browser developers, Web developers have a good reference value for the promotion of the vast number of web users of their own security awareness and knowledge also has a good reference, recommend you to read.

--Yaishi vice president of Beijing Tian Rong Xin Company

Today, I have had million of information security trainees, but whenever students let me recommend the actual combat technology reference books, all for the recommendation of a good book to worry about, and the birth of this book brought the attack and defense combat technology dazzling light. This book explains the Advanced XSS essence, and shows the "diehard, murderous" csrf power, through the book, Penetration Testing and emergency response engineers will be able to harvest detailed theoretical knowledge and the latest practice guide The risk assessment and safety Audit engineer will be able to understand the new threat of Web2.0 after reading. They will have to expand the technical standards of evaluation and auditing; When the IT Operation security engineers read it, they will realize that the new nightmare has come, in order to avoid more sites to be targeted, the only thing to do is to actively learn, with the times!

--Zhang Shensheng cissp/cisp/cisa/Defense Technology Senior lecturer,

Network crime reappearance and reconnaissance Cloud platform chief architect

With the development of Web2.0, Web front-end attack has gradually become one of the main attacks, but the industry's research on Web front-end security has no system output. Today, I have the privilege to read the first "Web front-end hacker Technology," a book, only to find that there are already people in this area of work. Read through the book is the two authors of the Web security technology for many years of systematic research and technical precipitation, covering all aspects of Web front-end security, is a natural to enhance the industry's overall web security level of the effective. Recommend！ In addition, the two authors Zhong and Mr. Xu Shaobai with deep web security technology to help Tencent improve the safety and quality of products, and here to express our thanks.

--lake2 Tencent Security Emergency Response Center Manager

Mr. Zhong and Mr. Xu Shaobai are my best friends for many years, I am very glad to finally see the advent of this book, in my Familiar Web field, this book is definitely the first choice of domestic web security books, the book of many classic case and ideas, are two years of valuable experience summed up, For those of you who love Web security and the people who work with it, reading this book will surely give readers a deeper understanding of the realm of web security.

--Roshillau "hacker Attack and Defense" series book author,

Sina Weibo application security technology experts, micro-blog Security Center in charge, former Baidu senior engineer

Online Probation Sections

Some say the internet is made up of people, and some people say that the internet is made up of code. If the Internet is composed of code, then the Web front-end code occupies at least half of the internet, if the Internet is composed of people, then there are people's lakes and rivers, the river is always a master swordsman, the Internet is always a skilled hacker master.

Swordsman or hacker, they always use a variety of amazing tricks so that people have not yet responded to the recruit. A person wants to walk in the river of rivers and lakes, will point martial arts. Similarly, in order to surf the Internet, you need to know the hacker's knowledge. Only by knowing and knowing each other, can "laugh proudly".

Thank you very much Zhong to write this preface, Zhong Ming is rare theory + actual combat genius type "hacker", I admire his attainments in web security. What is more commendable is that he and Xu Shaobai their knowledge of the essence of their own without reservation, written "sword spectrum" to the show. "Practice Martial Arts" not only can self-defense, more physical fitness, this book is I see them all the way written, before and after the use of more than a year of time, spent countless painstaking efforts, write very carefully, I read the book in advance, do not dare to hide alone, and June share.

By the way, the current Web 2.0 and HTML5 have infiltrated the Internet and all aspects of our lives, such as:

Tencent's q+ and web QQ have nearly 100,000 web apps.

Google's Chrome online App Store offers more than 70,000 applications, with hundreds of millions of users.

4399.com has tens of thousands of online web games.

Android and Apple currently 17% of apps are developed using HTML 5, and the ratio is rising.

The popularity of SaaS enables a large number of Web applications to serve our every aspect.

......

It can be said that the future of the Internet to a large extent will be composed of html+javascript+css, and security is the basis for the development of the Internet, Internet security will depend to a large extent on the Web front-end security, if the front-end fall, our personal privacy, online payment information and so will be the greatest challenge.

This book is a very systematic explanation of the web-related security issues, illustrated, theoretical and practical aspects, and very rare, the book has a lot of unexpected "hacker" ideas, these ideas are very practical and forward-looking.

If you're a developer and protecting your client's privacy is the first vocation, look at this book, which will teach you how to write a safe application.

If you are a regular Internet user, to protect your own security, you need to see what challenges we face, then look at this book, it can make you understand what you should pay attention to.

If you are a well-meaning hacker, want to change ideas, look at this book, it can give you an unexpected perspective and ideas.

Know Chuang Yu CTO Yang Fanlong

October 8, 2012

Preface 2

Network security is always accompanied by changes in business. More than 10 years ago, the rise of the internet pushed Web services to the top of the wave. From then on, the Web security which comes from the Web service is Web1.0, and the security of the Web1.0 era is mainly embodied in the server-side dynamic script and the security of Web servers. By the year 2004, the birth of Web2.0 marked the advent of another internet revolution! And this time the Web security with 2005 by the then 19-year-old Genius Samykamkar in the history of the first XSS worm to shock the world, which also proclaimed web security officially into the Web2.0 era. The security concerns of this era have been fully shifted from the service side to the client (front) end, the browser to replace the Web server to become the main battlefield of the security war, while the front-end commonly used HTML, JavaScript, CSS, flash, etc. are a powerful weapon in the security battlefield, browser hanging horse, XSS, CSRF , Clickjacking and so on has become the mainstream attack means. There are attacks on the defense, the face of the Web2.0 era of security problems, the Web1.0 era of defense system appears powerless, a lot of security practitioners are thinking and try new defense means, a front-end hacker attack and defense war on this kicked off ...

As a veteran "Scripting Kid", I was fortunate enough to experience the whole process of web security being transformed from Web 1.0 to Web 2.0, Also witnessed a lot of commitment to Web2.0 security technology research company's birth and development process, and met a large group of excellent web security researchers, including the book's two authors: Mr. Zhong and Mr. Xu Shaobai.

Know Zhong Mr. Ming is located in Beijing know Chuang Yu Information Technology Co., Ltd. The company was established in 2007, is one of the earliest concerns about the security of Web2.0 era of the company, and in the field of Web2.0 security defense has made great achievements. and Zhong as early as in 2008 joined the company, and actively joined the Web2.0 of various defense technology research, and later gradually become the mainstay of the company's technology. It is also in the actual combat of these official confrontation, has accomplished his unique understanding to the Web2.0 times security technology, and gradually perfected own technical system.

and Mr. Xu Shaobai's Beijing Tiancheng Technology Co., Ltd., is a traditional information security company that has experienced the web 1.0 times, along with the security challenge of the Web2.0 era, it also makes their researchers devote themselves to this field, thus cultivating a large number of skilled safety researchers. Mr Xu Shaobai is one of them, and he has an in-depth study of Web2.0 security technology, especially in the area of security in HTML 5, where he has always been a leading position.

If the technology accumulation is the "Hardware" foundation of this book, The spirit of sharing is the necessary "software" basis for this book to be born. Fortunately, both Mr Zhong and Mr. Xu Shaobai share the same spirit of sharing their research through blogging and attending various technical summits.

Therefore, the birth of this book is their summary of technical research and willing to share the spirit of the results of the combination. And I was fortunate enough to be the first reader of the book, and I was surprised when I received it, because writing a book seemed to me a very painful thing. In addition, for the Web2.0 security technology subject books, in the Chinese book market is rare, pure technology to share books are few, and their attempt is obviously successful!

This book is a pure technology about the security of the Web2.0 era of professional books, from the browser battlefield to the front of the various weapons and attack means, and then transferred to the defense technology, have done a professional detailed display. Finally, I want to say only one sentence: This book is worth your anticipation!

Superhei

October 18, 2012

Author Introduction

Zhong Ming, graduated from Beijing University of Chemical Engineering, Network name: cosine. Domestic famous web security Team Xeye members, in addition to hobby webhacking, but also to cosmology, anthropology, etc. to maintain a strong interest. 2008 joined Beijing know Chuang Yu Information Technology Co., Ltd., the current research director, the team is committed to web security and mass data research, and related to the implementation of the cool platform. If you want to communicate with me, you can letters my microblog: Weibo.com/evilcos, and the latest developments in this book will also be posted on my microblog.

Xu Shaobai, graduated from Hebei University of Technology. Network Name: XISIGR. Xeye member of domestic famous web security team. 2008 joined the Beijing Day Rong Letter company, the current Beijing days fuse senior security experts, focus on security research, the main areas of research include: Web security, HTML5 security, browser security, protocol analysis. It is also a common speaker in the National Information Security Conference. My microblog: Weibo.com/xisigr, I hope to communicate with you.

Buy Now: Secrets of Web front-end hacking technology